ISASecure Certification
Component Security Assurance (CSA)
Certify an individual industrial automation component against IEC 62443-4-2. ISASecure CSA evaluates embedded devices, host devices, software applications, and network devices across three parallel assurance streams — secure-development artifacts, accredited functional testing, and vulnerability identification testing — to a defined target Security Level (SL 1–4).
Technical Security Evaluation for IACS Components
Overview
ISASecure CSA (Component Security Assurance) certifies an individual component used in industrial automation and control systems against IEC 62443-4-2. It provides independent, third-party validation that a specific component — embedded device, host device, software application, or network device — meets the security requirements appropriate for its component type and a defined target Security Level (SL 1–4). A current SDLA certification of the vendor's development process (per IEC 62443-4-1) is a prerequisite.
The evaluation runs three assurance streams in parallel: Secure Development Artifacts (SDA) verifies the component's secure-development evidence; Functional Security Assessment (FSA) is accredited lab testing against every applicable IEC 62443-4-2 requirement, filtered by component type and target SL, with network-related requirements evaluated per interface; and Vulnerability Identification Testing (VIT) scans the component in a known-good state and triages the findings. The three streams converge for an independent certification decision.
As an ISASecure Chartered Laboratory, Perseus conducts CSA evaluations with deep technical expertise in industrial protocols, embedded systems, and OT security. Our laboratory is equipped to test the full range of industrial component types, from embedded controllers and safety systems to network infrastructure and industrial software platforms. We help vendors demonstrate the security posture of their products to asset owners and system integrators who demand evidence-based assurance.
Embedded Devices
PLCs, RTUs, sensors, actuators, and safety controllers
Host Devices
Engineering workstations, HMIs, historians, and OPC servers
Software Applications
SCADA software, DCS applications, and MES platforms
Network Devices
Industrial switches, routers, firewalls, and VPN gateways
Three Parallel Assurance Streams
What We Evaluate
Secure Development Artifacts
Verifies the secure-development evidence for the specific component under evaluation, per IEC 62443-4-1. The vendor's SDLA certification covers the development process; SDA confirms the artifacts behind this component.
Functional Security Assessment
Accredited lab testing (ISO/IEC 17025) against every applicable IEC 62443-4-2 requirement, filtered by component type and target SL. Network-related requirements are evaluated per interface.
Vulnerability Identification Testing
A vulnerability scan of the component in a known-good state. Findings are triaged before disclosure, and the pass criteria scale with the target Security Level.
FSA testing covers all seven IEC 62443-4-2 foundational requirements — identification & authentication control, use control, system integrity, data confidentiality, restricted data flow, timely response to events, and resource availability — applied to the requirements that match the component type and target SL.
CSA Certification Process
Our Approach
Driving standards
- IEC 62443-4-2 — component security requirements
- IEC 62443-4-1 — secure development (SDLA prerequisite)
- ISO/IEC 17025 — accredited testing
- ISO/IEC 17065 — impartial certification decision
Planning
Confirm scope: component type (embedded device, host device, software application, or network device), accessible network interfaces, and the target security level (SL 1–4). A current SDLA certification is a prerequisite.
- Confirm component type and identity
- Document accessible network interfaces
- Confirm the SDLA prerequisite is in place
- Asset owner signs off on scope
Frequently Asked Questions
FAQ
ISASecure CSA (Component Security Assurance) certifies an individual industrial automation component against IEC 62443-4-2. Unlike SDLA, which certifies a vendor's development process, CSA certifies a specific product — confirming it meets the IEC 62443-4-2 requirements appropriate for its component type and target Security Level. The evaluation combines secure-development artifact review, accredited functional testing, and vulnerability identification testing.
Certify Your Component Security
Demonstrate the security capabilities of your industrial automation components with ISASecure CSA certification from Perseus, an accredited Chartered Laboratory.